Android virus “”

Something really weird is going with my Android phone: from time to time it opens me browser with this link. By domain I immediately realised that it’s fake.

whatsappupgrade android virus

I checked the logic: after you click the button “Ok” it redirects you to page with even more interesting domain name – (full link) And I see this:

virus android site

The page says that I should upgrade Whatapp application as soon as possible. And when you click green button it forward you to, where you see:

android virus browser page

So as we see the final goal of these bastards is to subscribe you to a paid service (12 euro per week).

whois for this domain name of course does not provide any information:

Domain Name: MOBL-APPS.COM
Sponsoring Registrar IANA ID: 146
Whois Server:
Referral URL:
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 06-nov-2014
Creation Date: 06-nov-2014
Expiration Date: 06-nov-2015

Only when it was registered and where.

By IP – – we could also get a hosting:

inetnum: -
netname:        XLIS-VPS35
descr:          XL Internet Services Amsterdam Network
country:        NL
admin-c:        XLIS-RIPE
tech-c:         XLIS-RIPE
status:         ASSIGNED PA
mnt-by:         XLIS-NL-MNT
mnt-domains:    XLIS-NL-MNT
created:        2011-05-25T19:27:38Z
last-modified:  2011-05-25T19:27:38Z
source:         RIPE  Filtered

role:           XL Internet Services Hostmaster
address:        XL Internet Services BV
address:        Delftsestraat 5b
address:        3013AB Rotterdam
address:        The Netherlands
phone:          +31 10 270 94 70
fax-no:         +31 10 433 44 60
nic-hdl:        XLIS-RIPE
admin-c:        XLIS-RIPE
tech-c:         XLIS-RIPE
remarks:        ------------------------------------------------
remarks:        E-mail is the preferred contact method!
remarks:        ------------------------------------------------
remarks:        Please use one of the following addresses:
remarks:   - for abuse notification
remarks: - for technical questions
remarks:    - for anything else
remarks:        ------------------------------------------------
mnt-by:         XLIS-NL-MNT
created:        2007-01-11T12:57:00Z
last-modified:  2011-01-03T17:26:11Z
source:         RIPE  Filtered

% Information related to ''

descr:          XL Network
origin:         AS35470
mnt-by:         XLIS-NL-MNT
created:        2011-04-08T15:36:05Z
last-modified:  2011-04-08T15:36:05Z
source:         RIPE  Filtered

so it’s Rotterdam. Probably it’s good to call the hosting provider and ask WTF?!

The most weird thing that I did not install any new applications, moreover I removed almost all that I had and installed 3 different anti-virus applications and made scan – without any result.

Also I went to app manager “run” tab: no strange apps were there.

If you know the solution – please share, because I’m going to reinstall the whole operation system :(